Remote Code Exposure in IBM WebSphere Commerce Suite
CVE-2001-0446

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Commerce Suite
Vendor: CVE Published:; 18 June 2001

Summary

IBM WebSphere Commerce Suite version 4.0.1, when used with Application Server version 3.0.2, has a vulnerability that allows remote attackers to gain unauthorized access to the source code of .jsp files. This security flaw can be exploited by appending a trailing slash to the URL, potentially exposing sensitive application code and logic to attackers.

References

http://marc.info/?l=bugtraq&m=98583082225053&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jun 18, 2001
Vulnerability Reserved
May 24, 2001